
10 Lessons Learned About Change Resistance for Cybersecurity

Posted by Cliff Embry

In today's fast-paced business landscape, staying ahead of the competition requires efficient and effective solutions. According to Microsoft’s Work Trend Index, nearly 70% of employees report that they don’t have sufficient time in the day to focus on “work”, with more time being spent communicating than creating.

Microsoft 365 Copilot is designed, with Microsoft’s cloud trust platform at its core, to help employees be more productive and reduce the time spent searching for information, performing mundane tasks, and doing other low-value activities.

One of the largest hurdles to cybersecurity change for any organization is resistance. This article outlines best practices for overcoming resistance and paving a faster path to success.

Over the years, I have worked with hundreds of customers to implement change and have rarely been the one to communicate those changes to end users. I was “fortunate” to work in the background and let either the customer handle change management processes or leverage KiZAN’s Employee Engagement Group to champion the change with the customer. However, recent projects have necessitated my direct involvement with change management processes. Here are my lessons learned...so far!


The necessity of effective change management for security initiatives


KiZAN has ongoing internal projects to implement additional security controls for everyone at our company. As new Microsoft technology is released, we are expected to adopt it. The catch is that I know almost everyone at the company. I’ve been here for nearly 15 years. This makes me think about the projects differently because I’m speaking directly to the consumer of cybersecurity changes. And as one could expect, I feel their pain more when I’m not the man behind the curtain.

I talk to my co-workers about their pain. I try to strategize solutions for said pain and in doing so, I have come to realize that even when I think I’m speaking in “plain English,” I am not “communicating.” I’m speaking about technology. I’m speaking about “How” and the most obvious (to me) “Why’s.”

I received feedback that my message came across as:


“We are going to leverage technology X’s blank capabilities to do something with something.”

This is an actual email I received from one of my co-workers:


“Hey Cliff, I have 0 knowledge about what you discussed. It was a fantastic presentation and I’m wowed with your knowledge. I NEVER use my cell phone for work. EVER. Can’t get to emails…nothing. Do I need to do anything?”

I know this person and have worked with them for years. I’m glad they felt they could reach out, and it has most certainly opened my eyes. So, I contacted our Employee Engagement Group, who are Prosci certified, to ask them, “How can I communicate better, reduce friction, and successfully roll out new security features?” This is what I learned.


Top 10 tactics for managing resistance (by Prosci), as interpreted by me:


  1. Listen and understand objectives

    • Allow employees to voice their concerns and objections

    • Understanding employee objections can create resolutions

  2. Focus on the ‘what’ and let go of the ‘how’

    • Inform employees of project outcomes (what will be different)

    • Don’t get bogged down with technical explanations, focus on the end-user experience

  3. Remove Barriers

    • Understand employee situations to help identify and remove barriers

    • Resistance is not always an objection

  4. Provide simple, clear choices and consequences

    • Promote choices for changes

    • Define the consequences of choices for each employee or role

  5. Create hope

    • Look forward and ensure positive outcomes

    • Share your optimism and enthusiasm to promote change

  6. Show the benefits in a real and tangible way

    • Demonstrate the positive aspects of the change

    • Let others share their own experience

    • Share the success of previous deployments

  7. Make a personal appeal

    • Explain why the change is important to you

    • Request support and assistance from employees in implementing the change

  8. Convert the strongest dissenters

    • Intervene to obstruct strong, vocal opposition

    • The most vocal dissenters can be the most vocal supporters

  9. Demonstrate consequences

    • Use caution and consult with HR and legal first (Last resort)

    • Be sure the organization understands the seriousness of changes by sending a clear message

  10. Provide Incentives

    • Encourage management to incentivize their employees with a bonus, pay increases, entertainment, etc. so that they are directly rewarded

    • Increase salaries for managers upon completion of the change

I've been working on a 10-piece puzzle with 4.5 pieces. Although the deployment is underway, because it is still in a pilot mode, I still have a chance to adopt some of these tactics and ease the transition for my co-workers, and quite frankly, many friends.

Prior to this project, I had zero interest in change management. Now I can honestly say I’m intrigued and will continue to work with our Employee Engagement Group to put a KiZAN spin on our internal security adoption.



KiZAN is a Microsoft National Solutions Provider with numerous gold and silver Microsoft competencies, including gold data analytics. Our primary offices are located in Louisville, KY, and Cincinnati, OH, with additional sales offices located in Tennessee, Indiana, Michigan, Pennsylvania, Florida, North Carolina, South Carolina, Georgia and Texas.